本文整理汇总了Python中ssl.OP_NO_TLSv1_1方法的典型用法代码示例。如果您正苦于以下问题:Python ssl.OP_NO_TLSv1_1方法的具体用法?Python ssl.OP_NO_TLSv1_1怎么用?Python ssl.OP_NO_TLSv1_1使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类ssl的用法示例。
在下文中一共展示了ssl.OP_NO_TLSv1_1方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __init__
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def __init__(self, *args, **kwargs):
self.ssl_context = kwargs.pop('ssl_context', None)
self.cipherSuite = kwargs.pop('cipherSuite', None)
self.source_address = kwargs.pop('source_address', None)
if self.source_address:
if isinstance(self.source_address, str):
self.source_address = (self.source_address, 0)
if not isinstance(self.source_address, tuple):
raise TypeError(
"source_address must be IP address string or (ip, port) tuple"
)
if not self.ssl_context:
self.ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
self.ssl_context.set_ciphers(self.cipherSuite)
self.ssl_context.set_ecdh_curve('prime256v1')
self.ssl_context.options |= (ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1)
super(CipherSuiteAdapter, self).__init__(**kwargs)
# ------------------------------------------------------------------------------- # 示例2: _get_default_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def _get_default_ssl_context(self) -> '_ssl.SSLContext':
if _ssl is None:
raise RuntimeError('SSL is not supported.')
try:
import certifi
except ImportError:
cafile = None
else:
cafile = certifi.where()
ctx = _ssl.create_default_context(
purpose=_ssl.Purpose.SERVER_AUTH,
cafile=cafile,
)
ctx.options |= (_ssl.OP_NO_TLSv1 | _ssl.OP_NO_TLSv1_1)
ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')
ctx.set_alpn_protocols(['h2'])
try:
ctx.set_npn_protocols(['h2'])
except NotImplementedError:
pass
return ctx 示例3: conn
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def conn(self):
try:
if self.ssl:
ctx = ssl.SSLContext()
ctx.verify_mode = ssl.CERT_NONE
ctx.check_hostname = False
ctx.options |= (
ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
) # RFC 7540 Section 9.2: MUST be TLS >=1.2
ctx.options |= ssl.OP_NO_COMPRESSION # RFC 7540 Section 9.2.1: MUST disable compression
ctx.load_default_certs()
self.client_stream = await trio.open_ssl_over_tcp_stream(self.host, self.port, ssl_context=ctx)
else:
self.client_stream = await trio.open_tcp_stream(self.host, self.port)
except OSError as exc:
raise BUIserverException(str(exc))
self.logger.debug('Connected')
self.connected = True
return self.client_stream 示例4: _wrap_sni_socket
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def _wrap_sni_socket(sock, sslopt, hostname):
context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
context.options |= ssl.OP_NO_SSLv2 # Explicitly disable SSLv2
context.options |= ssl.OP_NO_SSLv3 # Explicitly disable SSLv3
context.options |= ssl.OP_NO_TLSv1 # Explicitly disable TLSv1.0
context.options |= ssl.OP_NO_TLSv1_1 # Explicitly disable TLSv1.1
if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE:
capath = ssl.get_default_verify_paths().capath
context.load_verify_locations(
cafile=sslopt.get('ca_certs', None),
capath=sslopt.get('ca_cert_path', capath)
)
return context.wrap_socket(
sock,
do_handshake_on_connect=sslopt.get('do_handshake_on_connect', True),
suppress_ragged_eofs=sslopt.get('suppress_ragged_eofs', True),
server_hostname=hostname,
) 示例5: parse_ssl_opts
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def parse_ssl_opts(self):
"""
Parses ssl options and creates a SSLContext if self.secure is True.
"""
if not self.secure:
return
ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
ssl_context.options |= ssl.OP_NO_TLSv1
ssl_context.options |= ssl.OP_NO_TLSv1_1
if not self.ssl_options.get('verify_certificate', True):
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
if self.ssl_options.get('key') and self.ssl_options.get('cert'):
ssl_context.load_cert_chain(
self.ssl_options.get('cert'),
keyfile=self.ssl_options.get('key')
)
ssl_context.set_ciphers('ECDHE+AESGCM')
ssl_context.set_alpn_protocols(AlPN_PROTOCOLS)
self.ssl_context = ssl_context 示例6: get_http2_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def get_http2_ssl_context():
"""
This function creates an SSLContext object that is suitably configured for
HTTP/2. If you're working with Python TLS directly, you'll want to do the
exact same setup as this function does.
"""
# Get the basic context from the standard library.
ctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
# RFC 7540 Section 9.2: Implementations of HTTP/2 MUST use TLS version 1.2
# or higher. Disable TLS 1.1 and lower.
ctx.options |= (
ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
)
# RFC 7540 Section 9.2.1: A deployment of HTTP/2 over TLS 1.2 MUST disable
# compression.
ctx.options |= ssl.OP_NO_COMPRESSION
# RFC 7540 Section 9.2.2: "deployments of HTTP/2 that use TLS 1.2 MUST
# support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". In practice, the
# blocklist defined in this section allows only the AES GCM and ChaCha20
# cipher suites with ephemeral key negotiation.
ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")
# We want to negotiate using NPN and ALPN. ALPN is mandatory, but NPN may
# be absent, so allow that. This setup allows for negotiation of HTTP/1.1.
ctx.set_alpn_protocols(["h2", "http/1.1"])
try:
ctx.set_npn_protocols(["h2", "http/1.1"])
except NotImplementedError:
pass
return ctx 示例7: get_http2_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def get_http2_ssl_context():
"""
This function creates an SSLContext object that is suitably configured for
HTTP/2. If you're working with Python TLS directly, you'll want to do the
exact same setup as this function does.
"""
# Get the basic context from the standard library.
ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
# RFC 7540 Section 9.2: Implementations of HTTP/2 MUST use TLS version 1.2
# or higher. Disable TLS 1.1 and lower.
ctx.options |= (
ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
)
# RFC 7540 Section 9.2.1: A deployment of HTTP/2 over TLS 1.2 MUST disable
# compression.
ctx.options |= ssl.OP_NO_COMPRESSION
# RFC 7540 Section 9.2.2: "deployments of HTTP/2 that use TLS 1.2 MUST
# support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". In practice, the
# blocklist defined in this section allows only the AES GCM and ChaCha20
# cipher suites with ephemeral key negotiation.
ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")
# We want to negotiate using NPN and ALPN. ALPN is mandatory, but NPN may
# be absent, so allow that. This setup allows for negotiation of HTTP/1.1.
ctx.set_alpn_protocols(["h2", "http/1.1"])
try:
ctx.set_npn_protocols(["h2", "http/1.1"])
except NotImplementedError:
pass
return ctx 示例8: create_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def create_ssl_context(certfile, keyfile):
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.options |= (
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
)
ssl_context.set_ciphers("ECDHE+AESGCM")
ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
ssl_context.set_alpn_protocols(["h2"])
return ssl_context 示例9: send_stats
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def send_stats(version, uniqid, runtime):
#Because this is run as a subprocess we need to start logging again
logger_send_stats = setup_logging(logfilepath="logs/send_stats.log",loggername="send_stats")
destination="https://statscollector.rpisurv.net"
#SSL options
context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile="core/util/statscollector.rpisurv.net.pem")
#Force TLS higher then 1.1
context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.options |= ssl.OP_NO_TLSv1
context.options |= ssl.OP_NO_TLSv1_1
#Normally this has been set by ssl.Purpose.SERVER_AUTH but for safety in future explicitly set CERT_REQUIRED
context.verify_mode = ssl.CERT_REQUIRED
httpshandler = urllib2.HTTPSHandler(context=context)
opener = urllib2.build_opener(httpshandler)
opener.addheaders=[
('User-Agent', uniqid),
('Pragma', 'no-cache'),
('Cache-Control', 'no-cache')
]
#Extra info will be send via cookie headers
#opener.addheaders.append(('Cookie', 'runtime='+ runtime + ';reservedkey=reservedvalue'))
opener.addheaders.append(('Cookie', 'runtime='+ runtime + ';version='+ str(version) ))
urllib2.install_opener(opener)
#f = opener.open("http://httpbin.org/cookies")
logger_send_stats.debug("Start sending uniqid " + uniqid + ", runtime " + runtime + ", version " + str(version) + " to " + destination + " for updating stats rpisurv community")
try:
response = opener.open(destination, timeout=20)
except urllib2.HTTPError, e:
logger_send_stats.error("There was an error connecting to the statistics server at " + destination + ". Failed with code " + str(e.code)) 示例10: test_create_ssl_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def test_create_ssl_context() -> None:
path = os.path.join(os.path.dirname(__file__), "assets/config_ssl.py")
config = Config.from_pyfile(path)
context = config.create_ssl_context()
assert context.options & (
ssl.OP_NO_SSLv2
| ssl.OP_NO_SSLv3
| ssl.OP_NO_TLSv1
| ssl.OP_NO_TLSv1_1
| ssl.OP_NO_COMPRESSION
) 示例11: create_secure_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def create_secure_context(
server_cert: Path, server_key: Path, *, trusted: Path,
) -> ssl.SSLContext:
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.load_cert_chain(str(server_cert), str(server_key))
ctx.load_verify_locations(str(trusted))
ctx.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')
ctx.set_alpn_protocols(['h2'])
try:
ctx.set_npn_protocols(['h2'])
except NotImplementedError:
pass
return ctx 示例12: create_secure_context
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def create_secure_context(
client_cert: Path, client_key: Path, *, trusted: Path,
) -> ssl.SSLContext:
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.load_cert_chain(str(client_cert), str(client_key))
ctx.load_verify_locations(str(trusted))
ctx.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')
ctx.set_alpn_protocols(['h2'])
try:
ctx.set_npn_protocols(['h2'])
except NotImplementedError:
pass
return ctx 示例13: server_context_modern
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def server_context_modern() -> ssl.SSLContext:
"""Return an SSL context following the Mozilla recommendations.
TLS configuration follows the best-practice guidelines specified here:
https://wiki.mozilla.org/Security/Server_Side_TLS
Modern guidelines are followed.
"""
context = ssl.SSLContext(ssl.PROTOCOL_TLS) # pylint: disable=no-member
context.options |= (
ssl.OP_NO_SSLv2
| ssl.OP_NO_SSLv3
| ssl.OP_NO_TLSv1
| ssl.OP_NO_TLSv1_1
| ssl.OP_CIPHER_SERVER_PREFERENCE
)
if hasattr(ssl, "OP_NO_COMPRESSION"):
context.options |= ssl.OP_NO_COMPRESSION
context.set_ciphers(
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
"ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
)
return context 示例14: main
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def main():
try:
server = ThreadedHTTPServer(('', port), PW2PYwebHandler)
server.daemon_threads = True
server.auth = b64encode(credentials)
if secure:
if sys.hexversion < 0x02071000:
#server.socket = ssl.wrap_socket (server.socket, certfile='./server.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1_2)
server.socket = ssl.wrap_socket (server.socket, certfile='./server.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
else:
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ctx.load_cert_chain(certfile="./server.pem")
ctx.options |= ssl.OP_NO_TLSv1
ctx.options |= ssl.OP_NO_TLSv1_1
ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
ctx.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA')
server.socket = ctx.wrap_socket(server.socket, server_side=True)
info('started secure https server at port %d' % (port,))
else:
info('started http server at port %d' % (port,))
server.serve_forever()
except KeyboardInterrupt:
print('^C received, shutting down server')
server.shutdown()
print "exit after server.shutdown()" 示例15: Send
# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def Send(self, data_to_send):
certs = []
data_to_send = bytes(data_to_send, 'ascii')
self._parse_input(input_data=data_to_send)
for data_packet in self.input_chunks:
k, c = self._create_cert(serial=data_packet, cn=self.server)
certs.append([k,c])
i = 0
for k, cert in certs:
i += 1
open('/tmp/now.pem', 'wb').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))#.decode("utf-8") )
open('/tmp/now.pem', 'ab').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))#.decode("utf-8") )
sock = socket.socket()
sock.bind((self.server, self.port))
sock.listen(1)
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile='/tmp/now.pem')
context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 # optional
context.set_ciphers('EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH')
sys.stdout.write("Serving cert %s.\n" % i)
ssock, addr = sock.accept()
try:
conn = context.wrap_socket(ssock, server_side=True)
conn.write(b'HTTP/1.1 200 OK\n\n%s' % conn.getpeername()[0].encode())
except ssl.SSLError as e:
print(e)
finally:
# conn.close()
sock.close()
sys.stdout.write("Cert %i out of %i received.\n" % (i, len(certs)))